(54) Method and apparatus for performing a key update using bidirectional validation 



(57) A key update system uses information in an 
update message from a communications system to 
generate a new key and perform a bidirectional valida- 
tion of the new key. After a unit validates the new key, at 
least a portion of information from the update message 
is used by the communications system to validate the 
new key. As a result, the communications system is not 
required to generate and transmit a separate authenti- 
cation challenge to validate the new key. For example, a 
wireless communications system can send an update 
message with a sequence RANDSSD to the wireless 
unit. The wireless unit generates a new SSD using at 
least a portion of the sequence RANDSSD, and the 
wireless unit uses at least a portion of the new SSD to 
generate a signature value AUTHBS to validate the new 
key and thereby the home authentication center that ini- 
tiated the update of the SSD. After the wireless unit val- 
idates the new key by comparing the AUTHBS 
generated by the wireless unit with an AUTHBS gener- 
ated by the wireless communications system, the wire- 
less unit uses at least a portion of the sequence 
RANDSSD and at least a portion of the new SSD to 
generate the validation value AUTHSSD. The validation 
value AUTHSSD can be sent to the wireless communi- 
cations system along with a confirmation signal indicat- 
ing the wireless unit has validated the new key. The 
wireless communications system can validate the new 
SSD by comparing the validation value AUTHSSD 
received from the wireless unit with a validation value 
generated in the same fashion by the wireless commu- 
nications system. 
Description 

BACKGROUND OF THE INVENTION 

1. Field of the Invention 

[0001 ] The present invention relates to communica- 
tions; more specifically, the updating of keys or other 
information used by communicating parties. 

2. Description of Related Art 

[0002] A typical wireless communications system 
provides wireless communications services to a geo- 
graphic region. When a wireless unit attempts commu- 
nications with the wireless communications system, the 
wireless communications system authenticates or veri- 
fies the wireless unit's identity before allowing the wire- 
less unit access to the wireless communication system. 
To do so in a typical wireless communications system, 
both the wireless unit and the wireless communications 
system have a secret value called A-KEY. The wireless 
communications system uses the A-KEY and a ran- 
domly generated sequence RANDSSD to generate a 
shared secret data value (SSD). The SSD can be 
divided into SSD-A (Shared Secret Data A) and SSD-B 
(Shared Secret Data B) values. The SSD-A value is 
used for authentication procedures, and the SSD-B 
value is used for key generation and encryption proce- 
dures. The wireless communications system transmits 
the RANDSSD to the wireless unit. The wireless unit 
then calculates SSD in the same fashion as calculated 
by the wireless communications system. 
[0003] Before accepting new SSD values to be 
used in authentication and encryption procedures, the 
wireless unit validates the new SSD values. To do so, 
the wireless unit generates a random challenge 
RANDBS to generate a validation signature value 
AUTHBS. The wireless unit also sends the RANDBS to 
the wireless communications system, and the wireless 
communications system derives AUTHBS in the same 
fashion using RANDBS from the wireless unit. The wire- 
less communications system sends the AUTHBS value 
to the wireless unit, and the wireless unit compares the 
AUTHBS value generated at the wireless unit with the 
AUTHBS value sent from the system. If the comparison 
is successful, the SSD update is successful. 
[0004] After the SSD update, the wireless commu- 
nications system typically authenticates the wireless 
unit to ensure that the wireless unit has properly calcu- 
lated the SSD. The wireless communications system 
generates a sequence, such as a random challenge 
RANDU, and sends the sequence RANDU to the wire- 
less unit which uses RANDU and SSD-A to generate an 
authentication signature value AUTHU. The wireless 
communications system generates the authentication 
signature value AUTHU in the same fashion. The wire- 
less unit then transmits the value AUTHU calculated by 
the wireless unit to the wireless communications sys- 
tem. The wireless communications system compares 
the value AUTHU calculated by the system and the 
AUTHU value received from the wireless unit. If the val- 
ues match, the wireless unit is authenticated. 
[0005] The above-described SSD update and 
authentication of the wireless unit requires that the wire- 
less unit confirm the validity of the SSD update followed 
by the system performing a separate authentication of 
the wireless unit to ensure the validity of the SSD 
update from the perspective of the wireless unit and the 
wireless communications system. As a result, the wire- 
less unit confirms that the SSD update is successful 
before the authentication of the wireless unit can be ini- 
tiated. After the wireless unit confirms the SSD update, 
the system performs a separate authentication requiring 
the system to generate additional information, such as a 
random challenge RANDU, and to send the random 
challenge to the wireless unit. The wireless unit must 
then respond by sending to the system the authentica- 
tion signature value AUTHU derived using RANDU. 

SUMMARY OF THE INVENTION 

[0006] The present invention provides a key update 
system which uses information in an update message 
from a communications system to generate a new key 
and perform a bidirectional validation of the new key. 
After a unit validates the new key, at least a portion of 
information from the update message is used by the 
communications system to validate the new key. As a 
result, the communications system is not required to 
generate and transmit a separate authentication chal- 
lenge to validate the new key. For example, a wireless 
communications system can send an update message 
with a sequence RANDSSD to the wireless unit. The 
wireless unit generates a new SSD using at least a por- 
tion of the sequence RANDSSD, and the wireless unit 
uses at least a portion of the new SSD to generate a 
signature value AUTHBS to validate the new key and 
thereby the home authentication center that initiated the 
update of the SSD. After the wireless unit validates the 
new key by comparing the AUTHBS generated by the 
wireless unit with an AUTHBS generated by the wire- 
less communications system, the wireless unit uses at 
least a portion of the sequence RANDSSD and at least 
a portion of the new SSD to generate the validation 
value AUTHSSD. The validation value AUTHSSD can 
be sent to the wireless communications system along 
with a confirmation signal indicating the wireless unit 
has validated the new key. The wireless communica- 
tions system can validate the new SSD by comparing 
the validation value AUTHSSD received from the wire- 
less unit with a validation value generated in the same 
fashion by the wireless communications system. 
BRIEF DESCRIPTION OF THE DRAWINGS 

[0007] Other aspects and advantages of the 
present invention may become apparent upon reading 
the following detailed description and upon reference to 
the drawings in which: 

FIG. 1 shows a general diagram of a wireless com- 
munications system in which the key update and 
bidirectional validation system according to the 
principles of the present invention can be used; 
FIGS. 2a and 2b illustrate the sharing of a key with 
a visitor location register by the home location reg- 
ister and the authentication process in a typical net- 
work, such as an IS-41 compliant network; 
FIG. 3 illustrates a key update and separate 
authentication procedure used between a wireless 
unit and a wireless communication system based 
on IS-95B; and 

FIG. 4 illustrates a method for performing a key 
update with bidirectional validation according to the 
principles of the present invention. 

DETAILED DESCRIPTION 

[0008] FIG. 1 depicts a portion of a typical wireless 
communications system 5 which provides wireless 
communications services through a base station 10 to a 
geographic region 12, such as a cell or sector, associ- 
ated with the base station 10. When a wireless unit 14 
within the cell 12 first registers or attempts communica- 
tions with the base station 10, the base station 10 
authenticates or verifies the wireless unit's identity 
before allowing the wireless unit 14 access to the wire- 
less communication system. The home network for the 
wireless unit 14 can be a collection of cells making up a 
cellular geographic service area where the wireless unit 
14 resides and is typically the network controlled by the 
service provider that has contracted with the wireless 
unit's owner to provide wireless communication serv- 
ices. When wireless unit 14 is in a network other than its 
home network, it is referred to as being in a visiting com- 
munication network. If the wireless unit 14 is operating 
in the visiting communication network, the authentica- 
tion of the wireless unit by base station 10 will involve 
communicating with a home authentication center 16 of 
the wireless unit's home network. 
[0009] In the example of FIG. 1, the wireless unit 14 
is in a visiting communications network. As a result, the 
authentication of the wireless unit 14 involves communi- 
cating with the home authentication center 16 of the 
wireless unit's home network. When the wireless unit 14 
attempts to access the visiting communications net- 
work, base station 10 communicates with a visiting 
authentication center 18 of the visiting communication 
network. The visiting authentication center 18 deter- 
mines from a wireless unit or terminal identifier, such as 
the telephone number of wireless unit 14, that the wire- 
less unit 14 is registered with a network that uses home 
authentication center 16. Visiting authentication center 
18 then communicates with home authentication center 
16 over a network, such as a signaling network 20 
under the standard identified as TIA/EIA-41-D entitled 
"Cellular Radiotelecommunications Intersystem Opera- 
tions," December 1997 ("IS-41"). Home authentication 
center 16 then accesses a home location register (HLR) 
22 which has a registration entry for wireless unit 14. 
Home location register 22 may be associated with the 
wireless unit by an identifier such as the wireless unit's 
telephone number. The information contained in the 
home location register 22 is used to generate authenti- 
cation and encryption keys, such as a shared secret 
data (SSD) key, and other information that is then sup- 
plied to a visitor location register (VLR) 24 of the visiting 
authentication center 18. The information from the visi- 
tor location register 24 is then used to supply base sta- 
tion 10 with information, such as a random number 
challenge, that is transmitted to wireless unit 14 so that 
wireless unit 14 can respond and thereby be authenti- 
cated as a wireless unit that is entitled to receive com- 
munication services. 

[0010] FIGs. 2A and 2B show how a wireless unit 
14 is authenticated within a visiting network which is 
compatible with the IS-41 signaling standard. Both the 
wireless unit 14 and the home location register 22 con- 
tain a secret value called A-KEY. When the wireless unit 
14 requests access to a visiting network, the visiting 
network authentication center 18 (FIG. 1) requests data 
from the home authentication center 16 (FIG. 1). The 
home location register 22 associated with the wireless 
unit 14 is located using an identifier, such as the wire- 
less unit's telephone number. The home location regis- 
ter 22 for the wireless unit 14 stores the A-KEY which is 
used to generate a shared secret data value (SSD) that 
will be transmitted to the visitor location register 24. The 
SSD can be calculated by performing a CAVE algorithm 
using a random number RANDSSD as an input and the 
A-KEY as a key input. The CAVE algorithm is well 
known in the art and is specified in the IS-41 standard. 
The SSD can be divided into SSD-A (Shared Secret 
Data A) and SSD-B (Shared Secret Data B) values. The 
SSD-A value is used for authentication procedures, and 
the SSD-B value is used for key generation and encryp- 
tion procedures. The home authentication center 16 
transfers the values SSD-A, SSD-B and RANDSSD to 
the visitor location register 24 of the visiting network. As 
will be discussed below, the visiting network updates 
the SSD that will be used by the wireless unit 14 by 
transmitting RANDSSD to the wireless unit. The wire- 
less unit 14 then calculates SSD in the same fashion as 
calculated by the home authentication center 16 as 
shown by the equation SSD-A, SSD-B = CAVE_{A-KEY}(RANDSSD). 
After both the wireless unit and the visiting location 
register 24 have the keys SSD-A and SSD-B and the 
update procedure is completed as described below, the 
wireless unit 14 can be authenticated by the visiting network. 

EP 1 073 233 A2 

[0011] FIG. 2B illustrates how a wireless unit is 
authenticated within a visiting network after both the 
wireless unit and visiting location register have updated 
the values SSD-A and SSD-B, which can be referred to 
as shared keys. The visiting authentication center 18 
(FIG. 1) challenges the wireless unit 14 by sending a 
random number challenge RAND to the wireless unit. At 
this point both the wireless unit and visiting authentica- 
tion center calculate the value AUTHR where AUTHR is 
equal to the output of a cryptographic function, such as 
the CAVE algorithm, using the random number RAND 
and the SSD-A value as inputs as shown by 
AUTHR = CAVE_{SSD-A}(RAND). The wireless unit then 
transmits the calculated value AUTHR to the visiting 
authentication center 18 (FIG. 1). The visiting authenti- 
cation center 18 compares its calculated value of 
AUTHR and the value received from the wireless unit 
14. If the values match, the wireless unit 14 is authenti- 
cated and it is given access to the visiting network. 
[0012] In addition, both the wireless unit 14 and the 
visiting authentication center 18 calculate the value of 
cipher key Kc where the value Kc is equal to the output 
of the CAVE algorithm using the value SSD-B as the key 
input and additional information, such as RAND, as an 
input as shown by Kc = CAVE_{SSD-B}(RAND). At this 
point, communications between the wireless unit and 
the visiting network are permitted and may be 
encrypted using a cryptographic function where the 
inputs are the message to be encrypted and the key Kc. 
The cryptographic functions are specified for code divi- 
sion multiple access (CDMA), time division multiple 
access (TDMA) and global system mobile (GSM) sys- 
tems by their respective standards. It should be noted 
that with regard to IS-41, communications between the 
visiting authentication center 18 and the home authenti- 
cation center 16 are typically carried out each time the 
wireless unit 14 registers with the visiting network as 
opposed to each time a call is made to the wireless unit 
14. It is also possible to carry out the same procedures 
when the wireless unit is in the home network. In this 
case, the home authentication center, rather than the 
visiting authentication center, communicates with the 
wireless unit. The communications between the wire- 
less unit and the authentication center in the wireless 
communications systems pass through a wireless base 
station. 

[0013] If the home authentication center 16 deter- 
mines that the key value SSD needs to be updated, for 
example because certain criteria indicate that the SSD 
may be compromised, the SSD value associated with 
the wireless unit 14 can be updated. FIG. 3 shows the 
SSD update procedure followed by the standard identi- 
fied as TIA/EIA-95-B entitled "Mobile Station-Base Sta- 
tion Compatibility Standard for Dual-Mode Spread 
Spectrum Systems" ("IS-95B") between the wireless 
unit and the wireless communications system. The wire- 
less communications system can include the serving 
base station, the visiting authentication center, the visi- 
tor location register, the home authentication center 
and/or the home location register. The SSD update pro- 
cedure provides both the wireless unit and the wireless 
communications system with updated keys (SSD-A and 
SSD-B) that will be used for encryption and authentica- 
tion. 

[0014] To set the value SSD, the home authentica- 
tion center creates a RANDSSD sequence. Using the 
RANDSSD sequence, the A-key and the ESN of the 
wireless unit as inputs to a cryptographic function, such 
as a SSD generation procedure 30, the home authenti- 
cation center generates a new key value (SSD). The 
home authentication center sends the RANDSSD 
sequence through the visiting authentication center and 
the serving base station in an update message, such as 
an SSD update message 32, to the wireless unit to 
update the SSD. The wireless unit provides the 
RANDSSD sequence received from the serving base 
station along with the A-key and the electronic serial 
number (ESN), which are stored at the wireless unit, to 
a cryptographic function, such as an SSD key genera- 
tion procedure 34. The SSD key generation procedure 
34 generates the new SSD which is divided into SSD-A- 
NEW and SSD-B-NEW. The SSD generation proce- 
dures 30 and 34 implement the CAVE algorithm using a 
random number RANDSSD, ESN and the value A-KEY 
as inputs. The CAVE algorithm is well known in the art 
as a one-way function which inhibits the determination 
of the inputs to the function given the output. 

[0015] Before accepting new SSD values to be 
used in authentication and encryption procedures, the 
wireless unit validates the new SSD value and thereby 
the home authentication center 16 which initiated the 
generation of the new SSD value. To do so, the wireless 
unit generates a random number RANDBS at block 36. 
The wireless unit provides RANDBS and SSD-A-NEW 
along with additional data, such as the ESN and/or an 
AUTH_DATA string derived from an international mobile 
station identification number (IMSI), to a cryptographic 
function, such as a signature procedure 38. The signa- 
ture procedure 38 generates the validation signature 
value AUTHBS. The wireless unit also sends the 
RANDBS to the wireless communications system, for 
example as part of a base station challenge order 37. 
Using a corresponding cryptographic function, such as 
a signature procedure 40, the wireless communications 
system derives AUTHBS using RANDBS from the wire- 
less unit, SSD-A-NEW from the SSD generation proce- 
dure 30 and the additional data, such as the ESN and/or 
the AUTH_DATA, used by the wireless unit to derive 
AUTHBS. The wireless communications system sends 
the AUTHBS value generated by the signature proce- 
dure 40 to the wireless unit, for example in a base sta- 
tion challenge confirmation order 41. At block 42, the 
wireless unit compares the AUTHBS value generated at 
the wireless unit with the AUTHBS value sent from the 
system. If the comparison is successful, the wireless 
unit will set the SSD-A value to SSD-A-NEW and the 
SSD-B value to SSD-B-NEW. The wireless unit then 
sends an SSD update confirmation order 43 to the 
home authentication center indicating successful com- 
pletion of the SSD update. Upon receipt of the SSD 
update confirmation order, the home authentication 
center sets SSD-A and SSD-B to the SSD-A-NEW and 
SSD-B-NEW values generated by the system. 
[0016] After the SSD update procedure, the wire- 
less communications system typically authenticates the 
wireless unit to ensure the validity of the new SSD key 
value. The wireless communications system generates 
a sequence, such as a random challenge RANDU, and 
sends the sequence RANDU to the wireless unit, for 
example in an authentication challenge message 44. 
Upon receipt of the authentication challenge message 
44, the wireless unit provides at least a portion of 
sequence RANDU to a cryptographic function, for 
example to an authentication signature procedure 46 
with the inputs ESN, AUTH_DATA, SSD-A and a 
RAND_CHALLENGE derived from RANDU and IMSI. 
The authentication signature procedure 46 generates 
the authentication signature value AUTHU as the output 
of the CAVE algorithm using the RAND_CHALLENGE, 
ESN, AUTH_DATA and SSD-A as inputs. The wireless 
communications system generates the authentication 
signature value AUTHU using the authentication signa- 
ture procedure 48 in the same fashion. The wireless unit 
then transmits the value AUTHU calculated by the wire- 
less unit to the wireless communications system. The 
wireless communications system compares the value 
AUTHU calculated by the system and the AUTHU value 
received from the wireless unit at block 50. If the values 
match, the wireless unit is authenticated, and the wire- 
less communications system validates the new SSD 
value. 

[0017] The above-described SSD update and 
authentication of the wireless unit requires that wireless 
unit confirm the validity of the SSD update followed by 
the system performing a separate authentication of the 
wireless unit to ensure the validity of the SSD update 
from the perspective of the wireless unit and the wire- 
less communications system. As a result, the wireless 
unit must transmit the SSD confirmation order to con- 
firm the SSD update before the authentication of the 
wireless unit can be initiated. After the wireless unit con- 
firms the SSD update, the system performs a separate 
authentication requiring the system to generate addi- 
tional information, such as a random challenge RANDU, 
and to send the random challenge to the wireless unit. 
The wireless unit must then respond by sending to the 
system the authentication signature value AUTHU 
derived using RANDU. 

[0018] An illustrative embodiment of the key update 
using bidirectional validation according to the principles 
of the present invention is described below which pro- 
vides an improved key update procedure. For example, 
if a home authentication center initiates a key update, 
such as of a shared secret data (SSD) key, because for 
example certain criteria at the home authentication 
center indicate that the key may be compromised or for 
any other reason (for example, to be initialized), the 
home authentication center can have an update mes- 
sage sent to the wireless unit. According to the princi- 
ples of the present invention, the wireless unit uses 
information (for example, RANDSSD and/or additional 
information) in the update message and an internally 
stored secret value (for example, A-key) known only to 
the wireless unit and the home authentication center to 
generate the new or updated key (for example, SSD). 
After the wireless unit generates the new key value and 
validates the new key and thereby the home authentica- 
tion center, a validation of the new key (for example, the 
SSD) is performed by the wireless communications sys- 
tem using at least a portion of information (for example, 
RANDSSD and/or other information) sent in the update 
message. Thus, after performing an SSD update, a sep- 
arate authentication challenge (for example, RANDU) is 
not required for the system to validate the new SSD. 
[0019] Depending on the embodiment and/or 
whether the wireless unit is registering with a visiting or 
home network, portions of the key update and bidirec- 
tional validation system can be implemented in different 
portions of the wireless communications system, such 
as the serving base station, the visiting authentication 
center, the visitor location register, the home location 
register and/or the home authentication center. Once 
the wireless unit has validated the new SSD value and 
the wireless communications system has validated the 
new SSD, the wireless unit and the wireless communi- 
cations system can use the updated keys (SSD-A and 
SSD-B) for encryption and authentication. 

[0020] FIG. 4 shows an embodiment of the key 
update and bidirectional validation procedure between 
a wireless unit and the wireless communications sys- 
tem. The wireless unit and the home location register 
share a secret value A-key. When a key update, for 
example of a shared key (SSD), is to be performed, the 
home authentication center creates a RANDSSD 
sequence at block 100. The sequence RANDSSD can 
be a random number, a pseudo-random number which 
repeats after a certain period or the output of an ever- 
increasing counter the received value of which cannot 
be less than or equal to a previously received value. The 
home authentication center accesses the home location 
register associated with the wireless unit using an iden- 
tifier such as a telephone number of the wireless unit, 
received from or determined from information received 
from the wireless unit. The home authentication center 
then calculates a new key value SSD by taking the out- 
put of a cryptographic function, such as an SSD or key 
generation procedure 102, using the sequence 
RANDSSD and the secret key A-key as inputs. The new 
value SSD can be divided into SSD-A-NEW and SSD- 
B-NEW. After the SSD update is bidirectionally vali- 
dated, the SSD-A is used in authentication procedures 
and the SSD-B is used in key generation, for example in 
generating the cipher key Kc, or encryption procedures. 
As shown in FIG. 4, embodiments of the key update and 
bidirectional validation system can use additional 
input(s) to the key generation procedure 102, for exam- 
ple a value which is characteristic of the wireless unit or 
the subscription, such as the ESN and/or IMSI. 
[0021 ] The wireless communications system sends 
the RANDSSD sequence to the wireless unit in a SSD 
update message 104 to create the new SSD value. The 
wireless unit generates the new value SSD (SSD-A- 
NEW and SSD-B-NEW) for the key SSD in the same 
fashion as the wireless communications system using 
the RANDSSD sequence received from the system, the 
A-key stored in the wireless unit and any additional 
information, such as the ESN stored in the wireless unit, 
as inputs to an SSD generation procedure 106. The 
SSD generation procedures 102 and 106 implement the 
CAVE algorithm using a random number RANDSSD and 
the ESN as inputs and the value A-KEY as the key input. 
The CAVE algorithm is well known in the art as a one-way 
function. Other generation procedures can be used. 
[0022] After generating the new SSD value (SSD-A- 
NEW, SSD-B-NEW), the wireless unit authenticates the 
wireless communications system and thereby validates 
the new SSD value. To do so, the wireless unit gener- 
ates a number or sequence RANDBS, such as a ran- 
dom number, at block 108 and sends RANDBS to the 
wireless communications system. The sequence 
RANDBS can be a pseudo-random number which 
repeats after a certain period or the output of an ever- 
increasing counter the received value of which cannot 
be less than or equal to a previously received value. The 
wireless unit provides RANDBS and SSD-A-NEW along 
with any additional data, such as the ESN and/or an 
AUTH_DATA string derived from an international mobile 
station identification number (IMSI), to a signature pro- 
cedure 110. The signature procedure 110 generates the 
signature value AUTHBS. On the wireless communica- 
tions system side, a signature procedure 112 derives 
AUTHBS using the RANDBS sequence received from 
the wireless unit, SSD-A-NEW from the SSD generation 
procedure 102 and any additional data used by the 
wireless unit, such as ESN and/or AUTH_DATA. The 
system sends the AUTHBS value generated by the sig- 
nature procedure 112 to the wireless unit for verifica- 
tion. At block 114, the wireless unit compares the 
AUTHBS value generated at the wireless unit with the 
AUTHBS value received from the system. If the compar- 
ison is successful, the wireless unit has validated the 
new SSD value and thereby the wireless communica- 
tion system, and the wireless unit can set the SSD-A 
value to SSD-A-NEW and the SSD-B value to SSD-B- 
NEW. 

[0023] The wireless communications system then 
validates the new SSD value. The sequence RANDSSD 
provided to the wireless unit for updating the key value 
SSD is also used to validate the new SSD. The wireless 
unit uses the RANDSSD received from the system and 
the SSD-A-NEW generated at the wireless unit by the 
SSD generation procedure 106 along with any addi- 
tional data, such as at least portions of RANDBS, ESN 
and/or AUTH_DATA, to provide inputs to a signature 
procedure 116. For example, at least a portion of 
RANDSSD and at least a portion of SSD-A-NEW as 
well as any additional data, such as the ESN and 
AUTH_DATA, can be provided to the signature proce- 
dure 116. The wireless unit then generates a validation 
value AUTHSSD. The wireless unit sends AUTHSSD to 
the wireless communications system. On the wireless 
communications system side, the system provides to a 
corresponding signature procedure 118 inputs used by 
the wireless unit to generate AUTHSSD, for example the 
RANDSSD sequence, the SSD-A-NEW generated by 
the system using the SSD generation procedure 102 
and any additional data used by the wireless unit, such 
as ESN and AUTH_DATA. The signature procedure 118 
generates the validation value AUTHSSD, and the sys- 
tem compares at block 120 the AUTHSSD generated by 
the system with the AUTHSSD received from the wire- 
less unit. If the comparison is successful, the system 
validates the updated key SSD, and the system sets the 
SSD-A value to the SSD-A-NEW value generated by 
the system and the SSD-B value to the SSD-B-NEW 
value generated by the wireless communications sys- 
tem. 
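The four-message exchange of FIG. 4 described in paragraphs [0020] to [0023], with both the home authentication center side and the wireless unit side, as an added example that is not code from the patent or from any IS-41/IS-95 implementation. HMAC-SHA256 stands in for the CAVE algorithm (paragraph [0024] allows any one-way function such as CAVE and/or SHA-1); the message and field names, the AUTHBS/AUTHSSD domain labels, the 7-byte RANDSSD and 4-byte RANDBS lengths and the sample A-key, ESN and AUTH_DATA are all assumptions made for illustration:

```python
"""Added example, not code from the patent or any IS-41/IS-95 implementation: the FIG. 4
key update with bidirectional validation, both sides simulated. HMAC-SHA256 stands in for
CAVE (paragraph [0024] allows any one-way function); names and sample values are assumptions."""
import hashlib
import hmac
import secrets

# Constructed sample inputs, not real subscriber values.
A_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # known only to unit and HLR
ESN = bytes.fromhex("12345678")                              # electronic serial number
AUTH_DATA = b"310150123456789"                               # string derived from the IMSI


def one_way(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way function standing in for CAVE; inputs are length-prefixed so that
    different splits of the same bytes cannot produce the same output."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big"))
        mac.update(part)
    return mac.digest()


def generate_ssd(a_key: bytes, randssd: bytes, esn: bytes):
    """SSD generation procedure (blocks 102/106): SSD-A-NEW, SSD-B-NEW from A-key, RANDSSD, ESN."""
    ssd = one_way(a_key, b"SSD", randssd, esn)
    return ssd[:16], ssd[16:]


def sign(ssd_a: bytes, label: bytes, *parts: bytes) -> bytes:
    """Signature procedure (blocks 110/112/116/118) keyed with SSD-A-NEW. The label keeps
    AUTHBS and AUTHSSD in separate domains so one can never be replayed as the other;
    this domain separation is an added precaution, not something the patent specifies."""
    return one_way(ssd_a, label, *parts)[:8]


class HomeAuthCenter:
    def __init__(self, a_key: bytes, esn: bytes, auth_data: bytes):
        self.a_key, self.esn, self.auth_data = a_key, esn, auth_data
        self.ssd_a = self.ssd_b = None   # committed keys; None until an update validates
        self._pending = None             # [RANDSSD, SSD-A-NEW, SSD-B-NEW, RANDBS] in flight

    def start_update(self) -> dict:
        """Blocks 100/102: choose RANDSSD, derive the candidate SSD, send update message 104."""
        randssd = secrets.token_bytes(7)
        ssd_a_new, ssd_b_new = generate_ssd(self.a_key, randssd, self.esn)
        self._pending = [randssd, ssd_a_new, ssd_b_new, None]
        return {"type": "SSD_UPDATE", "RANDSSD": randssd}

    def base_station_challenge(self, msg: dict) -> dict:
        """Block 112: answer the unit's RANDBS with AUTHBS computed under SSD-A-NEW."""
        self._pending[3] = msg["RANDBS"]
        authbs = sign(self._pending[1], b"AUTHBS", msg["RANDBS"], self.esn, self.auth_data)
        return {"type": "BS_CHALLENGE_CONFIRM", "AUTHBS": authbs}

    def update_confirmation(self, msg: dict) -> bool:
        """Blocks 118/120: recompute AUTHSSD from the RANDSSD this center itself sent (no
        separate RANDU challenge) and commit the new SSD only on a match."""
        randssd, ssd_a_new, ssd_b_new, randbs = self._pending
        self._pending = None
        expected = sign(ssd_a_new, b"AUTHSSD", randssd, randbs, self.esn, self.auth_data)
        if not hmac.compare_digest(expected, msg["AUTHSSD"]):  # constant-time compare
            return False                                       # keep the old SSD
        self.ssd_a, self.ssd_b = ssd_a_new, ssd_b_new
        return True


class WirelessUnit:
    def __init__(self, a_key: bytes, esn: bytes, auth_data: bytes):
        self.a_key, self.esn, self.auth_data = a_key, esn, auth_data
        self.ssd_a = self.ssd_b = None
        self._pending = None

    def receive_update(self, msg: dict) -> dict:
        """Blocks 106/108: derive the candidate SSD, then challenge the system with RANDBS."""
        ssd_a_new, ssd_b_new = generate_ssd(self.a_key, msg["RANDSSD"], self.esn)
        randbs = secrets.token_bytes(4)
        self._pending = (msg["RANDSSD"], ssd_a_new, ssd_b_new, randbs)
        return {"type": "BS_CHALLENGE", "RANDBS": randbs}

    def receive_challenge_confirm(self, msg: dict):
        """Blocks 110/114/116: verify AUTHBS (this authenticates the system); on success
        commit SSD-A-NEW/SSD-B-NEW and return the confirmation order carrying AUTHSSD."""
        randssd, ssd_a_new, ssd_b_new, randbs = self._pending
        self._pending = None
        expected = sign(ssd_a_new, b"AUTHBS", randbs, self.esn, self.auth_data)
        if not hmac.compare_digest(expected, msg["AUTHBS"]):
            return None                                        # system failed validation
        self.ssd_a, self.ssd_b = ssd_a_new, ssd_b_new
        authssd = sign(ssd_a_new, b"AUTHSSD", randssd, randbs, self.esn, self.auth_data)
        return {"type": "SSD_UPDATE_CONFIRM", "AUTHSSD": authssd}


def run_update(hac: HomeAuthCenter, unit: WirelessUnit) -> str:
    """Drive the four-message exchange of FIG. 4 and report the outcome."""
    m1 = hac.start_update()                   # SSD update message (RANDSSD)
    m2 = unit.receive_update(m1)              # base station challenge (RANDBS)
    m3 = hac.base_station_challenge(m2)       # challenge confirmation (AUTHBS)
    m4 = unit.receive_challenge_confirm(m3)   # SSD update confirmation (AUTHSSD)
    if m4 is None:
        return "unit rejected system"
    return "validated" if hac.update_confirmation(m4) else "system rejected unit"


if __name__ == "__main__":
    print(run_update(HomeAuthCenter(A_KEY, ESN, AUTH_DATA), WirelessUnit(A_KEY, ESN, AUTH_DATA)))
```

Run as a script and the honest pair reports `validated` with both sides holding the same SSD-A and SSD-B; substitute `WirelessUnit(bytes(16), ESN, AUTH_DATA)` and the unit reports that it rejected the system at the AUTHBS step, so neither side commits a key and no confirmation is ever sent. Two points worth noticing: the system's check is keyed to the RANDSSD it chose itself, so protection against a replayed confirmation rests on RANDSSD never repeating, which is why the text offers the monotonically increasing counter as an option at block 100; and folding RANDBS into AUTHSSD, which paragraph [0023] permits, additionally ties the confirmation to the unit's own fresh challenge.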

[0024] The key update and bidirectional validation 
procedure can be carried out periodically; when the 
wireless communications system determines that the 
shared key SSD may be compromised based on certain 
criteria; when the wireless unit returns to the home net- 
work or a trusted visiting network; when the A-key is 
changed; when a new subscription is established to ini- 
tialize the SSD value; and/or for other reasons. Addi- 
tionally, depending on the embodiment, the inputs to the 
key generation procedures 102 and 106 and the signa- 
ture procedures 110, 112, 116 and 118 can include val- 
ues in addition to those mentioned above or inputs 
derived from those and other values. For example, at 
least portions of the electronic serial number (ESN) of 
the wireless unit, the phone number (MIN) of the wire- 
less unit and/or the IMSI of the wireless unit can be 
used as an input(s) to the key generation and signature 
procedures 102, 106, 110, 112, 116 and 118. The key 
generation procedures 102 and 106 and the signature 
procedures 110, 112, 116 and 118 can be hash func- 
tions or any one-way cryptographic function, such as 
the CAVE algorithm and/or SHA-1. Hash functions can 
be characterized as one way functions (a function for 
which it is not feasible to re-generate the inputs given 
the output), as functions which produce a many to one 
mapping of inputs to outputs, and/or as functions which 
produce outputs with less information than the inputs, 
thereby the inputs are difficult to ascertain given the out- 
put. In such functions, the output is referred to as a sig- 
nature of the input. 
[0025] Depending on the embodiment, the communications for the key
update and bidirectional validation system can take place between the
wireless unit and the home authentication center (through the
visiting authentication center if the wireless unit is in a visiting
network). In alternative embodiments, portions of the key update and
bidirectional validation system can be performed in locations other
than the home authentication center. For example, if the home
authentication center sends RANDSSD along with the SSD-A-NEW to the
visiting authentication center to generate the signature value
AUTHBS, the visiting authentication center could generate the AUTHBS
sent to the wireless unit, and/or the visiting authentication center
could generate AUTHSSD and compare it to the AUTHSSD sent by the
wireless unit. Depending on the embodiment, the inputs for the SSD
generation and signature procedures can be communicated from
different sources to the wireless unit, the visiting authentication
center and/or the home authentication center. For example, if the ESN
is used as an input to the signature procedure and the visiting
authentication center performs the calculation of AUTHBS and AUTHSSD,
the ESN could be transmitted to the visiting authentication center
from the home authentication center.
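The exchange described in paragraphs [0023] through [0025], simulated end to end as an added example (this is not code from the patent). Both sides derive SSD-A-NEW/SSD-B-NEW from the A-key, RANDSSD and ESN; the unit checks the system's AUTHBS before committing, then the system checks the unit's AUTHSSD (block 120) before committing. HMAC-SHA-256 stands in for the CAVE/SHA-1 one-way functions the text names, and the input ordering, field widths, domain labels and class/function names are assumptions for illustration. The system-side signature and comparison methods need only RANDSSD, SSD-A-NEW and ESN, which is what lets a visiting authentication center run them when the home center hands those values over, as [0025] describes.

```python
# Added example: SSD update with bidirectional validation. HMAC-SHA-256 is an
# assumed stand-in for CAVE/SHA-1; field widths and input order are assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

def one_way(key: bytes, *parts: bytes) -> bytes:
    """Keyed one-way function (assumed stand-in for CAVE/SHA-1). Inputs are
    length-prefixed so bytes cannot be shifted between fields without notice."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()

def ssd_generation(a_key: bytes, randssd: bytes, esn: bytes) -> Tuple[bytes, bytes]:
    """Key generation procedure: (SSD-A-NEW, SSD-B-NEW) from A-key, RANDSSD, ESN."""
    ssd = one_way(a_key, b"SSD", randssd, esn)
    return ssd[:16], ssd[16:]

def auth_signature(ssd_a: bytes, rand: bytes, esn: bytes, label: bytes) -> bytes:
    """Signature procedure shared by AUTHBS and AUTHSSD; the label keeps them apart."""
    return one_way(ssd_a, label, rand, esn)

@dataclass
class WirelessUnit:
    a_key: bytes
    esn: bytes
    ssd_a: Optional[bytes] = None
    ssd_b: Optional[bytes] = None
    pending: Optional[Tuple[bytes, bytes, bytes, bytes]] = None

    def receive_update(self, randssd: bytes) -> bytes:
        """SSD Update Message in: derive the candidate SSD, answer with RANDBS."""
        ssd_a_new, ssd_b_new = ssd_generation(self.a_key, randssd, self.esn)
        randbs = os.urandom(4)
        self.pending = (randssd, ssd_a_new, ssd_b_new, randbs)
        return randbs

    def receive_authbs(self, authbs: bytes) -> Optional[bytes]:
        """Check the system's AUTHBS. A match commits the new SSD and returns AUTHSSD
        for the confirmation order; a mismatch discards the candidate (rejection)."""
        if self.pending is None:
            return None
        randssd, ssd_a_new, ssd_b_new, randbs = self.pending
        self.pending = None
        expected = auth_signature(ssd_a_new, randbs, self.esn, b"AUTHBS")
        if not hmac.compare_digest(expected, authbs):
            return None
        self.ssd_a, self.ssd_b = ssd_a_new, ssd_b_new
        return auth_signature(ssd_a_new, randssd, self.esn, b"AUTHSSD")

@dataclass
class AuthenticationCenter:
    a_key: bytes
    esn: bytes
    ssd_a: Optional[bytes] = None
    ssd_b: Optional[bytes] = None
    randssd: Optional[bytes] = None
    ssd_a_new: Optional[bytes] = None
    ssd_b_new: Optional[bytes] = None

    def start_update(self) -> bytes:
        """Pick RANDSSD, precompute the new SSD, send the SSD Update Message."""
        self.randssd = os.urandom(7)
        self.ssd_a_new, self.ssd_b_new = ssd_generation(self.a_key, self.randssd, self.esn)
        return self.randssd

    def answer_challenge(self, randbs: bytes) -> bytes:
        """AUTHBS over the unit's RANDBS. This and receive_confirmation use only
        RANDSSD, SSD-A-NEW and ESN, so a visiting center handed those values by
        the home center could run them, as paragraph [0025] allows."""
        return auth_signature(self.ssd_a_new, randbs, self.esn, b"AUTHBS")

    def receive_confirmation(self, authssd: Optional[bytes]) -> bool:
        """Compare the unit's AUTHSSD with one generated the same way (block 120);
        commit SSD-A/SSD-B only on a match."""
        if authssd is None or self.randssd is None:
            return False
        expected = auth_signature(self.ssd_a_new, self.randssd, self.esn, b"AUTHSSD")
        if not hmac.compare_digest(expected, authssd):
            return False
        self.ssd_a, self.ssd_b = self.ssd_a_new, self.ssd_b_new
        return True

def run_update(unit: WirelessUnit, ac: AuthenticationCenter) -> bool:
    """Full exchange; True only when both sides validated and committed."""
    randbs = unit.receive_update(ac.start_update())
    authssd = unit.receive_authbs(ac.answer_challenge(randbs))
    return ac.receive_confirmation(authssd)

def rogue_update(unit: WirelessUnit) -> bool:
    """A system without the unit's A-key derives a different SSD, so its AUTHBS
    fails the unit's check and the unit keeps its old SSD."""
    return run_update(unit, AuthenticationCenter(a_key=os.urandom(8), esn=unit.esn))
```

Run it by constructing a `WirelessUnit` and an `AuthenticationCenter` with the same A-key and ESN and calling `run_update(unit, ac)`; afterwards `unit.ssd_a == ac.ssd_a`. `rogue_update(unit)` shows the point of the AUTHBS step: a system that does not hold the A-key cannot push a key of its choosing onto the unit, and the unit's SSD is untouched. Both comparisons use `hmac.compare_digest` so that a mismatch is not reported faster than a match, a detail the text does not cover but which matters for any implementation of the compare at block 120.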
[0026] In addition to the embodiment(s) described above, the key
update and bidirectional validation system according to the
principles of the present invention can be used in forms which omit
and/or add input parameters to the key generation and signature
procedures and/or use variations or portions of the described system.
For example, the key update and bidirectional validation system is
described with comparative reference to a cellular network using
IS-95-B in which a shared key SSD is updated, but other wireless
systems using different multiple access techniques, such as TDMA or
GSM, can be used in which other information is updated according to
the principles of the present invention. It should be understood that
different notations, references and characterizations of the various
values, inputs and architecture blocks can be used. For example, the
functionality of the home authentication center and the visiting
authentication center can be performed in mobile switching centers
(MSCs) of a wireless communications system. It should be understood
that the system and portions thereof and of the described
architecture can be implemented in or integrated with processing
circuitry in the wireless unit or at different locations of the
wireless communications system, or in application specific integrated
circuits, software-driven processing circuitry, firmware or other
arrangements of discrete components as would be understood by one of
ordinary skill in the art with the benefit of this disclosure. What
has been described is merely illustrative of the application of the
principles of the present invention. Those skilled in the art will
readily recognize that these and various other modifications,
arrangements and methods can be made to the present invention without
strictly following the exemplary applications illustrated and
described herein and without departing from the scope of the present
invention.

Claims

1. A method of updating a key maintained in a unit for communicating
with a communications system, said method comprising:

    receiving a sequence;
    generating said key from a secret value stored in said unit and
    at least a portion of said sequence;
    validating said key;
    generating a validation value using at least a portion of said
    sequence and at least a portion of said key; and
    sending said validation value to said communications system for
    said communications system to validate said key.

2. The method of claim 1 wherein said step of generating said key
comprises:

    developing an update string comprising at least a portion of
    said sequence and a secret value; and
    generating said key from said string.

3. The method of claim 1 wherein said validating said wireless
communications system includes:

    generating a challenge sequence.

4. The method of claim 3 wherein said validating includes:

    generating a signature value which is a function of at least
    said challenge sequence and at least a portion of said key; and
    comparing said signature value with a signature value received
    from said system.

5. The method of claim 1 wherein said generating a validation value
includes:

    developing a validation string comprising at least a portion of
    said sequence and at least a portion of said key; and
    generating said validation value from said validation string.

6. A method of updating a key maintained for a unit in a
communications system, said method comprising:

    sending an update sequence for said unit;
    sending a signature value for said unit using at least a portion
    of a key generated from a secret value stored in said
    communications system associated with said unit and at least a
    portion of said update sequence for said unit to validate said
    key;
    receiving a first validation value from said unit; and
    comparing said first validation value with a second validation
    value generated using at least a portion of said update sequence
    and at least a portion of said key.

7. The method of claim 6 including:

    generating said update sequence.

8. The method of claim 6 including:

    receiving by said visiting authentication center said update
    sequence from said home authentication center.

9. The method of claim 6 further comprising:

    generating said key as a function of at least a portion of said
    update sequence and a secret value from said update string.

10. The method of claim 6 wherein said sending a signature value
includes:

    receiving a challenge sequence;
    developing a signature string comprising at least said challenge
    sequence and at least a portion of said key;
    generating a signature value from said signature string; and
    sending said signature value to said unit.

11. The method of claim 6 further comprising:

    generating said second validation value as a function of at
    least a portion of said sequence and at least a portion of said
    key.

12. A key update system for enabling a unit to communicate with a
communications system, said system comprising:

    processing circuitry being configured to receive a sequence and
    to generate a key from a secret value stored in said unit and at
    least a portion of said sequence, said system being configured
    to use said key to validate said key and to generate a
    validation value using at least a portion of said sequence and
    at least a portion of said key, said processing circuitry being
    configured to provide said validation value to said system for
    said system to validate said key.

13. The system of claim 12 wherein said processing circuitry is
further configured to generate said key as a function of at least a
portion of said sequence and a secret value.

14. The system of claim 12 wherein said processing circuitry is
further configured to generate a challenge sequence.

15. The system of claim 14 further configured to generate a
signature value as a function of at least said challenge sequence
and at least a portion of said key and to compare said signature
value with a signature value received from said system.

16. The system of claim 12 further configured to generate said
validation value as a function of at least a portion of said
sequence and at least a portion of said key.

17. A system for updating a key maintained for a unit in a
communications system, said system comprising:

    processing circuitry configured to provide an update sequence
    for said unit and to provide a signature value for said unit
    using at least a portion of a key generated from a secret value
    stored in said communications system associated with said unit,
    and at least a portion of said update sequence for said unit to
    validate said communications system, said processing circuitry
    further configured to receive a first validation value from said
    unit and to compare said first validation value and a second
    validation value generated using at least a portion of said
    update sequence and at least a portion of said key.

18. The system of claim 17 wherein said processing circuitry is
configured to generate said update sequence.

19. The system of claim 17 wherein said processing circuitry is
further configured to generate said key as a function of at least a
portion of said update sequence and a secret value.

20. The system of claim 17 wherein said processing circuitry is
further configured to receive a challenge sequence, to generate a
signature value as a function of at least said challenge sequence
and at least a portion of said key, and to provide said signature
value to said wireless unit.

21. The system of claim 17 wherein said processing circuitry is
further configured to develop said second validation value as a
function of at least a portion of said sequence and at least a
portion of said key.
EP 1 073 233 A2 
FIG. 3 (figure; only its labels survive extraction): WIRELESS UNIT
and WIRELESS COMMUNICATIONS SYSTEM, each feeding A-KEY, ESN and
RANDSSD into an SSD GENERATION PROCEDURE that produces SSD_A_NEW and
SSD_B_NEW; messages SSD UPDATE MESSAGE (RANDSSD), BASE STATION
CHALLENGE ORDER (RANDBS), BASE STATION CHALLENGE CONFIRMATION ORDER
(AUTHBS), SSD UPDATE CONFIRMATION ORDER (SUCCESS) / SSD UPDATE
REJECTION ORDER (FAILURE), and AUTHENTICATION CHALLENGE MESSAGE
(RANDU); AUTH_SIGNATURE PROCEDURE blocks take AUTH_DATA, ESN, RANDBS
or RANDU and SSD_A to produce AUTHBS and AUTHU. Reference numerals 30
through 50.

FIG. 4 (figure; content not recoverable from extraction).